What is CVE-2003-1567?

CVE-2003-1567 is a high-severity vulnerability in Microsoft Internet_information_services, classified under Information Disclosure. CVSS score: 7.5/10. Published 2009-01-15.

How severe is CVE-2003-1567?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2003-1567 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Microsoft Internet_information_services

CVE-2003-1567

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication cred…

Vulnerability class: Information Disclosure

EPSS: 0.799 (99.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Microsoft Internet_information_services — versions 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

cve@mitre.org (mailing-list, Exploit, x_refsource_NTBUGTRAQ)
cve@mitre.org (US Government Resource, x_refsource_CERT-VN, third-party-advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_OSVDB, Exploit, vdb-entry)
134c704f-9b21-4f2e-91b3-4a467353bcc0

Frequently asked questions

What is CVE-2003-1567?: CVE-2003-1567 is a high-severity vulnerability in Microsoft Internet_information_services, classified under Information Disclosure. CVSS score: 7.5/10. Published 2009-01-15.
How severe is CVE-2003-1567?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2003-1567 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.